The invention relates generally to the technical field of data communication and more specifically to the field of transmission of data streams to and from a security module. A security module in the diction of the present document can for example have the construction form of a chip card (smart card) or of a compact chip module or of a USB data carrier.
A preferred field of application of security modules is the encryption and decryption or the signing of data. The communication of a terminal device with the security module can take place via a web server realized in the security module, the web server being configured according to the “Java Card 3.0” specification for example. The terminal device sends requests—for example HTTP requests—to the security module and receives associated responses—for example HTTP responses.
The application protocols typically provided for a web server—for example HTTP or its secured variant HTTPS—allow responding to a request only if the request has been received in its entirety. Therefore the data to be processed and/or the generated result data must be intermediately stored in their entirety. Since memory space is frequently scarce in security modules, this represents a considerable consumption of resources. Further, the maximum size of the data to be processed is limited by the memory space available for the intermediate storing, even if the processing procedure itself—for example an encryption or decryption—could be carried out block by block without complete intermediate storage. Even if sufficient memory space were present in the security module, a complete intermediate storage leads to undesirably long reaction times.
EP 1 679 620 A1 shows a method for responding to an HTTP request in several parts. An HTTP request is regarded as open for such a time until it has been responded to completely by means of several HTTP responses. However, there exists the difficulty that this method is an extension of the HTTP standard that cannot be implemented offhand with conventional components—e.g. conventional web browsers.